Delete AssignedAccess applied via MDM WMI bridge Provider
Assigned Access allows you to configure a device to run a single Universal Windows Platform (UWP) app in kiosk mode. In this article, we shall discuss how to delete AssignedAccess applied via MDM WMI bridge Provider. Please see how to Setup Kiosk Mode on Windows 10 with AD User Account, “Remote WMI Connection: How to enable or disable WMI Traffic Using Firewall UI“, and how to setup a Single App Kiosk Mode Configuration using MDM Bridge WMI Provider.
Note: Deleting an Assigned Access instance that was applied via the Mobile Device Management (MDM) WMI Bridge Provider involves using Windows Management Instrumentation (WMI) to remove the specific configuration.
Assigned Access allows you to configure a device to run a single Universal Windows Platform (UWP) app in kiosk mode.
Please see “How to set up a Single App Kiosk Mode Configuration using a Local Account / MDM Bridge WMI Provider“, and “How to enable or disable a Remote WMI Connection in Windows“.
Determin AssignedAccess Instance
Before proceeding, ensure that the $namespaceName and $className are correctly reference as it relates to your environment.
To find the specific instance of Assigned Access that you want to delete, you can use the Get-WmiObject command to list the current configurations.
Get-WmiObject -Namespace "root\cimv2" -Class "MDM_AssignedAccess"This command will list all current Assigned Access configurations. Take note of the instance or ID of the one you wish to delete.
Delete an Instance (AssignedAccess)
For all device settings, the WMI Bridge client must be executed under local system user (Administrator).
To do that, download the psexec tool from and run psexec.exe -i -s cmd.exe from an elevated admin command prompt. Or run PowerShell as an administrator to ensure you have the necessary permissions. You can use this script to delete the instance of an AssignedAccess.
Delete existing instance
{
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT/Policy/Config' and InstanceID='AssignedAccess'"
Remove-CimInstance -CimInstance $obj
}
Ensure the right Instance ID is referenced. To see how this is done for Local account AssignedAccess.
Note: Once you have identified the specific instance. You could alternatively use the Invoke-WmiMethod command to delete it. Replace InstanceID with the actual ID of the instance you want to delete. Do not forget to replace AssignedAccess with your own “Instance ID”.
Invoke-WmiMethod -Namespace "root\cimv2" -Class "MDM_AssignedAccess" -Name "Delete" -ArgumentList "AssignedAccess"Note: The WMI method, specifically using Invoke-WmiMethod with the Delete action, allows for more granular control. You can delete specific instances of Assigned Access rather than clearing all configurations.
Please see how to clear Assigned Access with PowerShell. To see how this command can be used, see how to create, enumerate, query and modify an instance.
Verify Deletion
To ensure that the Assigned Access instance has been deleted, rerun the Get-WmiObject command.
Get-WmiObject -Namespace "root\cimv2" -Class "MDM_AssignedAccess"Alternative: Use PowerShell to clear Assigned Access
Clear-AssignedAccess cmdlet clears the AssignedAccess configured account settings and returns the user to default settings. It’s a simple cmdlet, open PowerShell and run the cmdlet as shown below.
PS C:> Clear-AssignedAccessNote: This command is straightforward and user-friendly. It does not require you to specify individual instances; instead, it clears all configurations in one go.
I hope you found this article on “how to Delete AssignedAccess applied via MDM WMI bridge Provider” very useful. Please feel free to leave a comment below.
